How the HTTP protocol works
The SSL security extension from a programmer's point of view
How to write servers and clients in Java
HTTP
Network Layers
Our applications
The application layer: HTTP, FTP, SMTP, DNS
The transport layer: TCP, UDP
IP
Ethernet
IP
IP: Internet Protocol
Unreliable communication of limited size data packets (datagrams)
IP addresses (e.g. 165.193.130.107) identify machines
Handles routing using the underlying physical network (e.g. Ethernet)
TCP
TCP: Transmission Control Protocol
Layer on top of IP
Data is transmitted in streams
Reliability ensured by retransmitting lost datagrams, reordering, etc.
Connection-oriented:
  establish connection between client and server
  data streaming in both directions
  close connection
Socket: end point of connection, associated with a pair of (IP address, port number)
An Introduction to XML and Web Technologies
HTTP
HTTP: HyperText Transfer Protocol
Layer on top of TCP
Request and response sent using TCP streams
HTTP Requests
GET /search?q=Introduction+to+XML+and+Web+Technologies HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2) Gecko/20040803
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: da,en-us;q=0.8,en;q=0.5,sw;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.google.com/

Request line (methods: GET, POST, ...)
Header lines
Request body (empty here)
HTTP Responses
HTTP/1.1 200 OK
Date: Fri, 17 Sep 2009 07:59:01 GMT
Server: Apache/2.0.50 (Unix) mod_perl/1.99_10 Perl/v5.8.4 mod_ssl/2.0.50 OpenSSL/0.9.7d DAV/2 PHP/4.3.8 mod_bigwig/2.1-3
Last-Modified: Tue, 24 Feb 2009 08:32:26 GMT
ETag: "ec002-afa-fd67ba80"
Accept-Ranges: bytes
Content-Length: 2810
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>...</html>
Status Codes
200 OK
301 Moved Permanently
400 Bad Request
401 Unauthorized
403 Forbidden
404 Not Found
500 Internal Server Error
503 Service Unavailable
...
HTML Forms
<h3>The Poll Service</h3>
<form action="http://freewig.brics.dk/users/laudrup/soccer.jsp" method="post">
  Who wins the World Cup 2006?
  <select name="bet">
    <option value="br">Brazil!</option>
    <option selected value="dk">Denmark!</option>
    <option value="other country">someone else?</option>
  </select><br>
  Please enter your email address:
  <input type="text" name="email"><br>
  <input type="submit" name="send" value="Go!">
</form>
Value
other country
zacharias_doe@notmail.com
Go!
Authentication
Restricting access to authorized users
Common techniques:
  IP-address
  Form (with username/password fields)
  HTTP Basic
  HTTP Digest
Limits on request URI length
POST allows other encodings (e.g. for file upload)
Cachability
Response:
Authorization: Basic emFjaGFyaWFzOmFwcGxlcGllCg==
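The value after "Basic" is plain Base64, not encryption, so anyone who can read the request can recover the user name and password; Basic is only safe when the connection itself is protected by SSL/TLS. The following is an added example, not code from the slides or the book, showing server-side parsing of the header value above. The class name, method names and the expected password in main are illustrative assumptions, and a real server would compare against a stored password hash rather than a literal.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class BasicAuthCheck {
    // Header value copied from the slide above.
    static final String SLIDE_HEADER = "Basic emFjaGFyaWFzOmFwcGxlcGllCg==";

    /** Returns {user, password}, or null if the value is not well-formed Basic credentials. */
    static String[] parse(String headerValue) {
        if (headerValue == null || !headerValue.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(headerValue.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return null; // not valid Base64: reject instead of guessing
        }
        String decoded = new String(raw, StandardCharsets.UTF_8);
        int colon = decoded.indexOf(':'); // split on the FIRST colon: passwords may contain ':'
        if (colon < 0) return null;
        return new String[] { decoded.substring(0, colon), decoded.substring(colon + 1) };
    }

    /** Byte comparison that does not stop at the first mismatch (avoids a timing side channel). */
    static boolean sameSecret(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String[] cred = parse(SLIDE_HEADER);
        System.out.println("user     = " + cred[0]);
        // The slide's value decodes with a trailing line feed after the password;
        // it is printed escaped here so that it stays visible.
        System.out.println("password = " + cred[1].replace("\n", "\\n"));
        // Hypothetical expected password, used only to exercise the comparison.
        System.out.println("match    = " + sameSecret(cred[1], "applepie\n"));
        System.out.println("rejected = " + (parse("Basic !!!not-base64!!!") == null));
    }
}
```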
Cache Control
Caches used in clients, servers, and network (proxy servers, content delivery networks)
Cache-Control:
  no-store: never cache this message
  no-cache: may cache but need revalidation
  public: may cache
  private: intended for single user
  max-age: set expiration
  must-revalidate: require revalidation
HTTP/1.0:
Range Requests
Range: bytes=387-
206 Partial Content
Persistent Connections
Multiple request-response pairs on a single TCP connection
Content-Length (now important!)
Connection: close (persistent by default in HTTP/1.1)
Connection: keep-alive (compatibility)
Keep-Alive: 300 (control timeout, compatibility)
Pipelining
send multiple requests before receiving the responses
fewer TCP/IP packets
only for idempotent requests (e.g. GET)
supported by newer browsers
Limitations of HTTP
Stateless, no built-in support for tracking clients (session management)
No built-in security mechanisms
Session Management
Techniques:
  URL rewriting
  Hidden form fields
  Cookies
  SSL sessions
Cookies
Extension of HTTP that allows servers to store data on the clients
limited size and number
may be disabled by the client
Set-Cookie: sessionid=21A9A8089C305319; path=/
Cookie: sessionid=21A9A8089C305319
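Because the client simply echoes the cookie back, the session identifier works as a bearer credential: whoever presents it is treated as that client. The following is an added example, not code from the slides or the book, of a server issuing an unguessable identifier with restrictive cookie attributes and accepting only identifiers it issued itself. The class name, method names and user name are illustrative assumptions.

```java
import java.security.SecureRandom;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class SessionCookies {
    private static final SecureRandom RNG = new SecureRandom();
    private final Map<String, String> sessions = new ConcurrentHashMap<>(); // id -> user

    /** Creates a session and returns the Set-Cookie header line for the response. */
    String issue(String user) {
        byte[] raw = new byte[16];            // 128 bits from a cryptographic RNG
        RNG.nextBytes(raw);
        StringBuilder id = new StringBuilder();
        for (byte b : raw) id.append(String.format("%02X", b));
        sessions.put(id.toString(), user);
        // Secure: sent over https only. HttpOnly: hidden from page scripts.
        // SameSite=Lax: withheld on most cross-site requests.
        return "Set-Cookie: sessionid=" + id + "; Path=/; Secure; HttpOnly; SameSite=Lax";
    }

    /** Returns the user for a request's Cookie header line, or null if the id was never issued. */
    String lookup(String cookieHeader) {
        if (cookieHeader == null || !cookieHeader.startsWith("Cookie:")) return null;
        for (String pair : cookieHeader.substring(7).split(";")) {
            String[] kv = pair.trim().split("=", 2);
            if (kv.length == 2 && kv[0].equals("sessionid")) return sessions.get(kv[1]);
        }
        return null;
    }

    public static void main(String[] args) {
        SessionCookies server = new SessionCookies();
        String setCookie = server.issue("zacharias"); // constructed user name
        System.out.println(setCookie);
        // The client returns only the name=value pair, as on the slide.
        String pair = setCookie.substring("Set-Cookie: ".length(), setCookie.indexOf(';'));
        System.out.println("issued id -> " + server.lookup("Cookie: " + pair));
        // The identifier shown on the slide was never issued by this server instance.
        System.out.println("slide id  -> " + server.lookup("Cookie: sessionid=21A9A8089C305319"));
    }
}
```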
Security
Desirable properties:
  confidentiality
  integrity
  authenticity
  non-repudiation
SSL
SSL: Secure Sockets Layer
TLS: Transport Layer Security (newer version)
SSL/TLS
Layer between HTTP and TCP, accessed by https://...
Based on public-key cryptography
private key + public key certificate (usually for server authentication only)
TCP/IP: DomainName2IPNumbers
    import java.net.*;

    public class DomainName2IPNumbers {
        public static void main(String[] args) {
            try {
                // Resolve every address registered for the host name given as the first argument
                InetAddress[] a = InetAddress.getAllByName(args[0]);
                for (int i = 0; i < a.length; i++)
                    System.out.println(a[i].getHostAddress());
            } catch (UnknownHostException e) {
                System.out.println("Unknown host!");
            }
        }
    }

    java DomainName2IPNumbers www.google.com
    66.102.9.104
    66.102.9.99
Non-Blocking I/O
Support for concurrent connections and buffering
Packages: java.nio.channels, java.nio
Central classes: ServerSocketChannel, SocketChannel, Selector, ByteBuffer
HTTP in Java
Two approaches:
1. Use the TCP/IP features in Java manually
2. Use the HTTP features
java ImFeelingLucky2 W3C
The prophet spoke thus: Direct your browser to http://www.w3.org/ and you shall find great happiness in life.
[ DEMO ]
Source code in the book...
Summary
Communication protocols: IP, TCP, HTTP, SSL
Programming Web servers and clients with Java
http://www.w3.org/Protocols/rfc2616/rfc2616.html